Grinder is a system to automate the fuzzing of web browsers and the management of a large number of Crashes. Grinder Nodes provide an automated way to fuzz a browser, and generate useful crash information (such as call stacks with symbol information as well as logging information which can be used to generate reproducible test cases at a later stage). A Grinder Server provides a central location to collate crashes and, through a web interface, allows multiple users to login and manage all the crashes being generated by all of the Grinder Nodes.
- A Grinder Node requires a 32/64 bit Windows system and Ruby 2.0 (Ruby 1.9 is also supported but you won't be able to fuzz 64-bit targets).
- A Grinder Server requires a web server with MySQL and PHP.
Grinder Server features:
- Multi-user web application. User can login and manage all crashes reported by the Grinder Nodes. Administrators can create more users and view the login history.
- Users can view the status of the Grinder system. The activity of all nodes in the system is shown including status information such as average testcases being run per minute, the total crashes a node has generated and the last time a node generated a crash.
- Users can view all of the crashes in the system and sort them by node, target, fuzzer, type, hash, time or count.
- Users can view crash statistics for the fuzzers, including total and unique crashes per fuzzer and the targets each fuzzer is generating crashes on.
- Users can hide all duplicate crashes so as to only show unique crashes in the system in order to easily manage new crashes as they occur.
- Users can assign crashes to one another as well as mark a particular crash as interesting, exploitable, uninteresting or unknown.
- Users can store written notes for a particular crash (viewable to all other users) to help manage them.
- Users can download individual crash log files to help debug and recreate testcases.
- Users can create custom filters to exclude uninteresting crashes from the list of crashes.
- Users can create custom e-mail alerts to alert them when a new crash comes into the system that matches a specific criteria.
- Users can change their password and e-mail address on the system as well as view their own login history.
Grinder Node features:
- A node can be brought up and begin fuzzing any supported browser via a single command.
- A node injects a logging DLL into the target browser process to help the fuzzers perform logging in order to recreate testcases at a later stage.
- A node records useful crash information such as call stack, stack dump, code dump and register info and also includes any available symbol information.
- A node can automatically encrypt all crash information with an RSA public key.
- A node can automatically report new crashes to a remote Grinder Server.
- A node can run largely unattended for a long period of time.
Note: Grinder does not include any fuzzers for the Grinder Nodes and you will need to write your own. However, a very simple example fuzzer is included to show how to begin writing suitable fuzzers for use with Grinder.
InstallationInstalling a Grinder Server:
- Copy the contents of .\grinder\server\ over the web server.
- Create a MySQL database and associated user.
- Surf over to the install.php page to complete the installation.
- When installing, the 'Grinder Key' used must be the same as the one written in all the Grinder Nodes config.rb files (see below).
- After successful installation, you can login and view all of the running nodes and all of the crashes generated.
Installing a Grinder Node:
- Install Ruby (www.ruby-lang.org). Ruby 2.0 x64 can fuzz both 32bit and 64bit targets. Ruby 2.0 x86 and Ruby 1.9 x86 can only fuzz 32bit targets.
- On a 32bit Windows system: Copy '.\grinder\node\data\x86\grinder_logger.dll' to 'c:\windows\system32'
- On a 64bit Windows system: Copy '.\grinder\node\data\x86\grinder_logger.dll' to 'c:\windows\syswow64'
- On a 64bit Windows system: Copy '.\grinder\node\data\x64\grinder_logger.dll' to 'c:\windows\system32'
- Create a folder for symbol files to be stored, e.g. 'c:\symbols'
- Edit the config.rb file to suit your setup. Please see the default config.rb file for a description of the various options. You may create multiple config files if you intend on running more than one node on a system, (e.g. config_g1.rb, config_g2.rb). You can then specify on the command line which config file to use when bringing up the node. If you have setup a Grinder server, use the same Grinder Key and the appropriate server URL so the node can communicate with the Grinder server.
- Finally to run the node issue a Ruby command as shown below where the browser parameter is the browser you want to fuzz (e.g. IE, FF or CM).
.\grinder\node>ruby grinder.rb [--config=c:\path\to\alternative\config.rb]
You might also like:
- NoSQLMap - Automated Mongo Database & NoSQL Web Application Exploitation Tool
- Blue|Smash - A Bluetooth Pentest Suite
- Harald Scan - A Bluetooth Scanner for Linux and Mac OS X
- CSRFTester - Cross-Site Request Forgery Vulnerability Tester
- ModSecurity - An Open Source Web Application Firewall Engine
- PDFMiner - Python PDF Parser and Analyzer
- pyClamd - Using Clamav with Python
- FuzzDB - Comprehensive Set Of Known Attack Sequences
- SecLists - The Pentesters Companion
- Cansina - Web Content Discovery Tool
- GoatDroid - Self-Contained Android Pentesting Environment
- Wapiti - Web Application Vulnerability Scanner
- Wireless Attack Toolkit - A Push-button Wireless Hacking & Man-In-The-Middle Attack Toolkit
- SQL Injection Test Environment - A Collection Of Web Pages Vulnerable To SQL Injection
- MKBRUTUS - A Password Bruteforcer For MikroTik Devices or Boxes Running RouterOS
- Ghiro - Automated Digital Image Forensics Tool
- Mellivora - A CTF (Capture The Flag) Engine
- Lynis - Security Auditing Tool For Unix/Linux Systems
- FoxOne - Server Reconnaissance Scanner